Live disclosure tracker · updated continuously

2026 Data Breaches Year-to-Date

2026 continues the year-over-year growth trend in confirmed disclosures. The list below updates as new breaches are reported by Verizon DBIR partners and major security news outlets.

98B+

Records Exposed

665

Incidents

94+

Countries

+104%

Breach Velocity YoY

View Live Map → Run Free Exposure Scan RSS

Browse by sector

All breaches Healthcare Finance Government Technology Retail Education Legal

Browse by year

2026 Data Breaches Year-to-Date (665 indexed)

critical · tech · Jan 10, 2026

Booking.com

2.3M guest records compromised in phishing campaign targeting hotels

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · finance · Jan 10, 2026

Societe Generale (2026)

1.5M customer records compromised in second incident

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · tech · Jan 10, 2026

Bosch Group

560K manufacturing and IoT device records exposed

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · finance · Jan 10, 2026

Scotiabank (Canada)

2.1M customer records from Caribbean and Central American operations exposed

View incident → Original disclosure Indexed 3 months, 3 weeks ago

medium · government · Jan 10, 2026

Government of Prince Edward Island

78K health card records compromised

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · retail · Jan 10, 2026

MEC (Mountain Equipment)

450K member records compromised

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · government · Jan 10, 2026

City of Winnipeg (2026)

280K resident records compromised

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · healthcare · Jan 10, 2026

The Ottawa Hospital

780K patient records exposed in data exfiltration

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · tech · Jan 10, 2026

Instagram (Alleged Leak)

17.5M account records posted to BreachForums

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · tech · Jan 10, 2026

NEC Corporation

560K corporate client records stolen

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · government · Jan 10, 2026

City of Toronto (2026)

420K resident records stolen in targeted attack

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · finance · Jan 10, 2026

CIRO (Canadian Investment Regulatory Org)

750K Canadian investors exposed — SINs, income, account statements via phishing attack

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · retail · Jan 10, 2026

Starbucks Corporation

950K rewards member records exposed via API vulnerability in mobile order-ahead system

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · government · Jan 9, 2026

Social Security Administration

3.6M beneficiary records exposed via compromised contractor with access to benefits system

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · healthcare · Jan 8, 2026

Cleveland Clinic

1.3M patient records exposed via zero-day in medical imaging PACS system

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · healthcare · Jan 8, 2026

Epic Systems (Vendor Incident)

2.1M patient records accessed via compromised third-party integration at EHR giant

View incident → Original disclosure Indexed 3 months, 3 weeks ago

medium · tech · Jan 8, 2026

Linear (Project Management)

120K workspace records exposed via OAuth misconfiguration

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · healthcare · Jan 8, 2026

MedStar Health (2026)

2.1M patient records compromised in ransomware incident

View incident → Original disclosure Indexed 3 months, 3 weeks ago

critical · other · Jan 8, 2026

Accenture (Client Data)

1.4M client consulting records from 23 countries exposed via LockBit affiliate intrusion

View incident → Original disclosure Indexed 3 months, 3 weeks ago

high · other · Jan 7, 2026

SNC-Lavalin / AtkinsRealis (Canada)

190K employee and project records from Canadian engineering firm compromised

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · tech · Jan 7, 2026

Microsoft Office

Microsoft Office PowerPoint Code Injection Vulnerability — Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineT

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · tech · Jan 7, 2026

Hewlett Packard Enterprise (HPE) OneView

Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability — Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code ex

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · other · Jan 6, 2026

Bombardier Aerospace

Engineering documents and employee data stolen via Accellion FTA exploit — posted on CL0P leak site

View incident → Original disclosure Indexed 3 months, 4 weeks ago

high · education · Jan 6, 2026

WhiteDate

20,363 records exposed — Ages, Astrological signs, Bios, Device information and 18 more

View incident → Original disclosure Indexed 3 months, 4 weeks ago